There is a transport rule that BCCs emails to another SMTP address. All emails work, except when the email is sent from an iPhone in HTML format.

Solution:

N/A for now.
If you have faced any such issue, feel free to leave your comments below!

Windows 10 – 5 Tips and Tricks that you need to know
http://www.msblog.org/2016/12/03/windows-10-5-tips-and-tricks-that-you-need-to-know/
Sat, 03 Dec 2016 16:00:07 +0000

Windows 10 is finally here, and Microsoft’s latest, greatest operating system is chock full of tricks and tweaks that can enhance your experience—and tailor Windows to your personal needs. Here’s a look at five of the most useful. (Pssst: Our massive Windows 10 tips and tricks guide has much, much more.)

Make Cortana more useful

You’ll definitely want to tweak the “Getting around” section of Cortana’s Notebook if you plan on using her to help with daily travel plans.

The Cortana digital assistant is one of Windows 10’s highlight new features, but she truly shines if you take the time to tell her your interests. Open Cortana and select the Notebook icon in her left-hand pane. From there, browse each section to tailor your preferences for specific news topics, alerts, and even the types of restaurants you like. You’ll be glad you did.

Tap into Cortana’s smarts while you’re browsing

Did you know Cortana’s built into Windows 10’s new Edge browser, too? You may have missed it, because the notification alert when she’s available is pretty subtle.

Cortana chiming in on Windows 10’s Edge browser.

When you’re surfing the web, Cortana will sometimes pipe up when she has helpful supplemental info. For instance, she may offer driving directions and Yelp review information when you’re browsing a restaurant’s site. Look for a blue Cortana icon with “I’ve got more info” to appear in the browser bar when it’s available. There’s no chime or in-your-face pop-up beyond the easy-to-miss text, however—so pay attention!

Master virtual desktops

Rejoice, fellow geeks: Multiple, virtual desktops have finally made their way to Windows!

Finally. Virtual desktops natively supported by Windows. *Drools*

The Task View button in the taskbar will show all your created virtual desktops—you can seemingly summon as many as your hardware can handle—as well as windows showing the software currently open in your active desktop. You can move open windows from one desktop to another by opening Task View and simply dragging-and-dropping the program onto another virtual desktop. Dragging a program over to the New Desktop button will (you guessed it) create a new virtual desktop to house your open window.

Bring back Metro

Does the return of the desktop make you yearn for Windows 8’s Start screen? (You monster!) You can force Windows 10 to use the touch-friendly interface—replete with full-screen Windows Store apps—by opening the Action Center in the lower-right corner of the taskbar, then selecting Tablet Mode. (Don’t worry, it looks less janky on actual PCs than it does in the low-resolution virtual machine I used to snag this screenshot.)

Tablet Mode in Windows 10: Slightly different from Windows 8’s Start screen, but the basic bones are the same.

Search for “Tablet Mode settings” in Cortana for more options, such as the ability to enter Tablet Mode by default when Windows boots, or to shift to it when you’re using a 2-in-1 device as a tablet. (Microsoft calls that Continuum.) If you like the Start screen-like effect but still want to use the rest of the traditional desktop, you can simply expand the Start menu to full-screen using the button in its upper-right corner.

Schedule your restarts

Last but certainly not least, Windows 10 won’t allow you to skip updates this time around, but it tosses enthusiasts a bone by finally—FINALLY—including an option to schedule exactly when those mandatory restarts happen.

Once an update’s been downloaded, head into the Windows Update section of the Settings app’s “Updates & Security” section to tell your PC when it’s got a greenlight to reboot. If you head into the advanced options you can tell Windows to notify you to schedule a restart whenever an update’s ready to rock.

Windows 10 finally lets you be the boss of your update timing.

If you want to save some bandwidth, you can also download Windows Updates to a single machine in your house, then use it to spread the patch to other PCs in your network. To do so, head to the same Advanced Options menu for Updates & Security, then click on “Choose how updates are delivered.” By default, updates are available either way—via direct download to an Internet-connected PC, or via other PCs on your network—but you can change it to accept Windows Updates only if delivered via your local network. Be sure not to enable the option on the PC you’ll use to download the initial update!

Set your alarm: Microsoft’s ’12 days of deals’ starts really early Monday
http://www.msblog.org/2016/12/03/set-your-alarm-microsofts-12-days-of-deals-starts-really-early-monday/
Sat, 03 Dec 2016 15:52:32 +0000

Microsoft is once again serving up a new holiday deal each day in its online and brick-and-mortar stores, starting Monday, December 5 at 12 a.m. PT, or 3 a.m. ET.

It’s hard to say what the best post-Black Friday sale on tech products is, but Microsoft is reprising its “12 days of deals” sale and it once again looks promising.

It officially kicks off on Monday, December 5 at 12 a.m. PT, which is really Sunday night to folks on the west coast and early Monday morning for folks on the east coast (3 a.m. ET). For those in the middle of the country, well, you can take your pick between late night or early morning.

Like last year, each day for 12 days we’ll see a new sale on select items. Here’s the full list of deals, according to Microsoft’s sale preview page:

Day 1 (December 5): Save up to $1,000 on select Intel PCs, with prices starting at $199.

Post 3: Route only traffic from a particular Internal IP through VPN in OpenWRT

Post 1: VPN Service. Why do you need it.

Without VPN, when we access Netflix, Netflix will be able to see our originating IP address (or our originating country). As you are already aware (are you?), Netflix is only available for USA viewers.

With a VPN, Netflix will think that we are located in the USA (although we are connecting from a non-USA region). The traffic goes out from our PC/streaming player to our local ISP. The data is then routed back to the USA VPN server, where it is encapsulated and passed on to the Netflix service. I hope I did not lose you.

Anyway, based on my test, below are some VPN Services that worked best/stable:

Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames, addresses or other information.

Configure Dynamic DNS in OpenWRT:

Pre-requisites:

This post is written based on OpenWrt Barrier Breaker 14.07

Steps:

Login to your OpenWRT Admin (by default is 192.168.1.1)

Select System -> Software

Under Filter, type in “luci-app-ddns”. Click Find Package.

Then click on “Available Packages”. Next to Luci-app-ddns, click Install.

Once Luci-app-ddns is installed, you should see a new option called “Services” between the “System” and “Network”

Select Services -> Dynamic DNS

Define the dynamic DNS configuration parameters as per the screenshot and click Save

Lastly, go to System -> Startup.

Locate the Service called “DDNS” and click on “Disabled” to enable it.

“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”

The Windows Firewall service must be started before Setup can continue.

Analysis:

You checked the Exchange log (ExchangeSetup.log). It showed:

Error ONE:

[2/16/2015 1:11:59 AM] [1] [ERROR] Unexpected Error
[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.
[2/16/2015 1:11:59 AM] [1] Ending processing.
[2/16/2015 1:11:59 AM] [1] [ERROR] The Windows Firewall service must be started before Setup can continue.

You verify from the Domain Controller adserver01.domain.com that the Exchange server object is there. You also verify that the Exchange Server is able to communicate with adserver01.domain.com.

Error TWO:

“Cannot find the recipient update service responsible for domain ‘dc=sample,dc=domain,dc=com’. new and existing users may not be properly Exchange-enabled.”

You will need to remove the RUS manually. Most likely Exchange 2003 wasn’t decommissioned properly (if you are no longer using Exchange 2003).

Solution:

Error ONE:

Ignore the error “[2/16/2015 1:11:59 AM] [1] [ERROR] The operation could not be performed because object ‘exchserver01’ could not be found on domain controller ‘adserver01.domain.com’.”

Just proceed with starting the Windows Firewall service and rerun the update of Service Pack.

Error TWO:

Remove the RUS (If you no longer have any Exchange 2003 server in your environment).

You will not be able to delete the Recipient Update Service (Enterprise Configuration) by using Exchange 2003 or Exchange 2000 System Manager. Perform the following steps to delete the Recipient Update Service (Enterprise Configuration) by using ADSI Edit (AdsiEdit.msc):

I will show you how to replace the Technicolor with an OpenWRT router (I’m using “OpenWrt Barrier Breaker 14.07”).

Pre-requisites:

Ensure that your router is already flashed to the OpenWRT version. See this post if you have not done so: Installing OpenWRT.

Setup of OpenWRT, Connect to PPPoE (after flashing to OpenWRT):

Change Password. On opening OpenWRT router, you will be asked to login. The default password for OpenWRT is empty. Login and change your password.

Connect to PPPoE. The first thing you want to do is connect to PPPoE, so your WAN will be able to connect to the TM fiber device. Click Network -> Interface -> next to WAN, click Edit. Change the protocol to PPPoE-WAN. Specify your username “5 digits@home.maxis.com.my or 5 digits@public.maxis.com.my”. The default password should be your 5 digits followed by a 1. E.g., if your username is 12345@home.maxis.com.my, your password will be 123451.

Click Save and Apply.

Create new VLAN for Maxis home fibre and Astro IPTV:

Switch. Click Network -> Switch.

Under VLAN ID, modify the value 2 to value 621.

Port 1 by default should be your WAN port. Ensure that CPU and Port 1 both are set to “Tagged”. Leave the rest of Ports as Off.

Click ADD. Change the VLAN ID for the new VLAN Interface to 823.

With your Astro IPTV decoder plugged into your router’s Port 4, it should be then Port 5 in the OpenWRT Switch interface. Under VLAN ID 823, ensure that CPU, Port 1 both are “Tagged”. For Port 5, set it as “Untagged”. Rest set as Off. Under VLAN ID 1, turn off the tagging for Port 5.

Click Save and Apply.

Tie the WAN Interface to VLAN 621:

Go to Network -> Interface.

Under WAN, click Edit.

Under Physical Settings, select “eth0.621”

Create a new interface for IPTV and configure the firewall:

Go to Network -> Interface

Click Add new Interface.

Define the new name “IPTV”

Protocol: Static Address

Cover the following interface: eth0.823

Click Submit.

IPv4 Address: 192.168.2.1

IPv4 Netmask: 255.255.255.0

Under Firewall Settings, under create:, type in “iptv”

Save & Apply

Under Interface, DHCP Server, click “Setup DHCP Server”.

Under DHCP Server, click “Advanced Settings” tab.

Ensure that “Force DHCP on this network even if another server is detected” is selected.

Save & Apply

Network -> Firewall, under IPTV, select the Edit icon.

Ensure that “Allow Forward to destination zones” is selected for WAN.

Click Save & Apply.

Install IGMPProxy

Click System -> Software

Click Update Lists.

Under Filter, type in “IGMPproxy”

Click Available Packages. Click Install next to IGMPPROXY.

Configure IGMPProxy

Download PuTTY, run it and connect to your router.

Under Login As, type “root”. Press Enter.

Type in your OpenWRT password.

Type in:

cd /etc/config

vi igmpproxy

Modify the “192.168.1.0/24” to “192.168.2.0/24” (see this link on how to use VI to edit)

Azure AD Connect: One simple, fast, lightweight tool to connect Active Directory and Azure Active Directory
http://www.msblog.org/2014/12/17/azure-ad-connect-one-simple-fast-lightweight-tool-to-connect-active-directory-and-azure-active-directory/
Wed, 17 Dec 2014 03:55:19 +0000

Back in August I posted a blog announcing the beta release of Azure AD Connect. Since then we have received a lot of feedback and made improvements in AAD Connect and AAD Sync, including multi forest support and password write back.

The biggest thing we’ve learned from you, our customers and partners, is that rather than a bunch of different tools (DirSync, AAD Connect, AAD Sync, ADFS, etc.) you want one simple, integrated tool for connecting your existing Windows Server Active Directory with Azure Active Directory. You’ll be happy to know that we’ve acted on your feedback!

Today we’re releasing a public preview of the “new” Azure AD Connect (you can download it here).

Azure AD Connect is “new” because it is now one integrated tool that combines all the advances of AAD Sync and the features from the beta release of Azure AD Connect into a simple, fast & lightweight solution. Azure AD Connect has everything you need to connect your Windows Server AD(s) and Azure AD with only 4 clicks.

Now you can get started using Azure AD in under an hour, no new hardware required!

With this preview you can choose Express Settings or Custom settings just like before, only now you get the latest sync engine and capabilities.

Because it’s our first combined wizard and it is in Preview status, we are not supporting production deployments for this release. Our next release will be production supported.

Our goal is to bring 100% of the previous DirSync functionality into Azure AD Connect. Before we GA Azure AD Connect we will bring all Dirsync functionality in.

We’ve received a lot of great feedback from you and have incorporated most of it. But that doesn’t mean we’re done. Please keep the feedback coming!

Our goal is to GA Azure AD Connect with additional sync options, seamless migration from Dirsync, and production support in the next 90 days.

Please note there will no longer be separate releases of Azure AD Sync and Azure AD Connect. And we have no future releases of DirSync planned. Azure AD Connect is now your one stop shop for sync, sign on and all combinations of hybrid connections.

Who said HTTPS is safe? Think again.
http://www.msblog.org/2014/10/18/who-said-https-is-safe-think-again/
Sat, 18 Oct 2014 05:02:26 +0000

Users of Wi-Fi hotspots have been warned about the “Poodle” attack – the latest bug in Internet browsers that can hijack web sessions and transactions, and even extract data from secure HTTP connections, The Straits Times reported today.

Poodle, or Padding Oracle on Downgraded Legacy Encryption, exploits Secure Sockets Layer version 3 (SSLv3), one of the protocols used to secure Internet traffic, the Singapore daily said.

All major browsers, from Google Chrome to Mozilla Firefox, support SSLv3.

An attacker can access online banking or email systems “secured” by HTTPS connections. The flaw was reported by Google employees – Bodo Möller, Thai Duong and Krzysztof Kotowicz – in a paper published on Thursday.

The Poodle attack relies on the fact that most web servers and browsers are still using an “ancient” SSLv3 to secure their communications.
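An added example (not from the original post or the cited paper): because the attack depends on a server still agreeing to SSLv3, this Python code reads the version a server selected from a captured ServerHello record and lists the flows that negotiated SSLv3. The sample records and flow names are constructed for illustration.

```python
import struct

# Wire values of the (major, minor) version field in SSL/TLS handshakes.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


class ParseError(ValueError):
    """Raised when the bytes are not a complete ServerHello record."""


def negotiated_version(record: bytes) -> str:
    """Return the version the server selected in a ServerHello record.

    Reads the server_version field only, which is enough to spot SSLv3;
    TLS 1.3 servers put 3,3 here and signal 1.3 in an extension.
    """
    if len(record) < 5:
        raise ParseError("truncated record header")
    content_type, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    if content_type != 0x16:                      # 0x16 = handshake
        raise ParseError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 6:
        raise ParseError("truncated handshake message")
    if body[0] != 0x02:                           # 0x02 = ServerHello
        raise ParseError("not a ServerHello")
    if int.from_bytes(body[1:4], "big") < 2:
        raise ParseError("ServerHello too short for a version field")
    major, minor = body[4], body[5]
    return VERSIONS.get((major, minor), f"unknown({major},{minor})")


def sslv3_flows(flows: dict) -> list:
    """Names of flows whose server agreed to SSLv3; unparsable flows are skipped."""
    hits = []
    for name, record in flows.items():
        try:
            if negotiated_version(record) == "SSLv3":
                hits.append(name)
        except ParseError:
            continue
    return sorted(hits)


def _constructed_server_hello(major: int, minor: int) -> bytes:
    """Build a minimal ServerHello record for the samples below (constructed data)."""
    hello = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x35" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", 0x16, major, minor, len(handshake)) + handshake


# Constructed sample captures; the flow names are hypothetical.
SAMPLES = {
    "legacy-portal": _constructed_server_hello(3, 0),
    "webmail": _constructed_server_hello(3, 3),
    "cut-short": _constructed_server_hello(3, 0)[:7],
}

if __name__ == "__main__":
    for flow, data in SAMPLES.items():
        try:
            print(flow, negotiated_version(data))
        except ParseError as exc:
            print(flow, "unparsable:", exc)
    print("SSLv3 negotiated on:", sslv3_flows(SAMPLES))
```

A server that appears in the SSLv3 list is one where the legacy protocol should be disabled in the server configuration.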

In Exchange Management Console (EMC), under Move Request, some mailboxes are being moved. This action was not done by the local IT administrators. The affected mailboxes are mailboxes already migrated to Office 365.

Solution/Explanation:

Run a Get-MoveRequest and if you see something like below, you are actually seeing the database being moved from Exchange Online DB to another Exchange Online DB. This is part of Exchange Online DB maintenance. There is no impact to users.

When you are trying to delete a verified domain name in Office 365, an error pops up saying that some users or Office365 services are still attached to the domain.

Root Cause:

Just like what the error said, some of the Office 365 services or users are still attached/assigned to the domain name that you are trying to remove.

Solution:

Things to check:

Ensure that no users are associated with the domain that you are trying to delete. You can verify this by going into Users And Groups, and Edit a user. Ensure that the domain you are trying to delete, eg, abc.com, is not listed there.

Ensure that no security groups/distribution groups have accounts attached to abc.com. Security groups/distribution groups can be accessed by logging into Office 365, clicking on Users And Groups, and clicking on Security Groups.

If you have just deleted the users, or changed the domain for each individual user, you will need to wait for a while (1 min?) as the changes need to sync to the different Office 365 service settings.

If the accounts are uploaded to Dirsync, you will need to stop the Dirsync synchronization to change the accounts to Cloud Only accounts. Then, you will need to do steps 1-3 above to delete the security groups; and/or manually modify the e-mail address fields in Office 365, Exchange Online.

MIISClient.exe shows that a bunch of user accounts failed to sync with the error “Insufficient Permission”.

Solution:

Certain permissions needed by the MSOL Service Account went missing (for whatever reason!). All we had to do was recheck the permissions.

Step 1: Run the Azure Active Directory Sync tool Configuration Wizard

Make sure that the latest version of the Directory Sync tool is installed and that you run the Azure Active Directory Sync tool Configuration Wizard. When you run the wizard, one screen prompts you to enable rich coexistence. Complete the wizard, and then start directory synchronization.

Alternatively, you can run the Enable-MSOnlineRichCoexistence cmdlet after the Directory Sync tool is installed to enable the write-back feature. This cmdlet must be run by using enterprise credentials or should be run by the enterprise admin.

Step 2: Confirm MSOL_AD_Sync_RichCoexistence permissions

If step 1 doesn’t resolve the issue, check that the MSOL_AD_Sync user belongs to the MSOL_AD_Sync_RichCoexistence group and that the group has Allow permissions to the user who is experiencing the issue, where write-back is not working for the following attributes:

msExchSafeSendersHash

msExchBlockedSendersHash

msExchSafeRecipientHash

msExchArchiveStatus

msExchUCVoiceMailSettings

ProxyAddresses

To do this, follow these steps:

In Active Directory, make sure that the MSOL_AD_Sync_RichCoexistence group exists and that the MSOL_AD_Sync user is a member of the group.

In the on-premises environment, use Active Directory Users and Computers to open the user properties for the user who is experiencing the issue.

On the Security tab, click Advanced.
Note: You must enable advanced features to complete step 3.

Make sure that the MSOL_AD_Sync_RichCoexistence group is listed. If it’s not listed, add the group, and then make sure that the group is granted Allow permissions to write to the attributes that are listed previously.

Note: Step 2 may be required if the object does not inherit permissions from the parent. This issue may be resolved by making sure that the object inherits permissions from the parent object.

6. Ensure that in all Exchange Servers (including the inactive ones located in the DR sites), the Get-WebServicesVirtualDirectory has the correct ExternalURL: https://mail.contoso.com/ews/exchange.asmx (and is routable from the internet)

Bing with video background?
http://www.msblog.org/2014/05/24/1648-autosave/
Sat, 24 May 2014 19:01:59 +0000

Bing is famous for having a different background picture whenever someone browses to Bing. However, from today onwards, when browsing to Bing using an HTML5-capable browser, it will show a video in the background.

Directory sync is located in the internal network and is behind a TMG proxy. TMG Proxy has been configured to allow Directory Sync to access HTTPS of the internet.

Problem:

With Directory Sync installed, the synchronization fails from time to time after a few hours of sync (we have >10,000 objects to be synced to the cloud).

Root Cause:

Directory sync should have direct connection to the internet. It is known to create issues if it is behind a TMG Proxy.

PowerShell to create Distribution Group in Exchange 2010/Office365
http://www.msblog.org/2014/04/14/1718-revision-3/
Mon, 14 Apr 2014 18:13:21 +0000

When setting up Office365/Exchange 2010, it is very common to assist the customer to create distribution groups.

This is my way of scripting it to speed up the creation of the distribution groups:

1. Create a CSV file for each distribution group. For my case, I have _AllStaff.CSV created. See below link for the sample of the file.